remove className from beforeSave hook response

dplewis · dplewis · commit 60bbd4288887 · 2020-12-08T22:23:48.000-06:00
diff --git a/spec/ParseObject.spec.js b/spec/ParseObject.spec.js
@@ -728,6 +728,17 @@ describe('Parse.Object testing', () => {
     });
   });
 
+  it('cannot save object with className field', async () => {
+    const obj = new TestObject();
+    obj.set('className', 'bar');
+    try {
+      await obj.save();
+      expect(true).toBe(false);
+    } catch (e) {
+      expect(e.message).toBe('Invalid field name: className.');
+    }
+  });
+
   it('old attribute unset then unset', function (done) {
     const TestObject = Parse.Object.extend('TestObject');
     const obj = new TestObject();
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
@@ -564,7 +564,7 @@ class DatabaseController {
                 }
                 const rootFieldName = getRootFieldName(fieldName);
                 if (
-                  !SchemaController.fieldNameIsValid(rootFieldName) &&
+                  !SchemaController.fieldNameIsValid(rootFieldName, className) &&
                   !isSpecialUpdateKey(rootFieldName)
                 ) {
                   throw new Parse.Error(
@@ -1213,7 +1213,7 @@ class DatabaseController {
               throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Cannot sort by ${fieldName}`);
             }
             const rootFieldName = getRootFieldName(fieldName);
-            if (!SchemaController.fieldNameIsValid(rootFieldName)) {
+            if (!SchemaController.fieldNameIsValid(rootFieldName, className)) {
               throw new Parse.Error(
                 Parse.Error.INVALID_KEY_NAME,
                 `Invalid field name: ${fieldName}.`
diff --git a/src/Controllers/HooksController.js b/src/Controllers/HooksController.js
@@ -242,6 +242,7 @@ function wrapToHTTPRequest(hook, key) {
         if (typeof result === 'object') {
           delete result.createdAt;
           delete result.updatedAt;
+          delete result.className;
         }
         return { object: result };
       } else {
diff --git a/src/Controllers/SchemaController.js b/src/Controllers/SchemaController.js
@@ -424,19 +424,24 @@ function classNameIsValid(className: string): boolean {
     // Be a join table OR
     joinClassRegex.test(className) ||
     // Include only alpha-numeric and underscores, and not start with an underscore or number
-    fieldNameIsValid(className)
+    fieldNameIsValid(className, className)
   );
 }
 
 // Valid fields must be alpha-numeric, and not start with an underscore or number
 // must not be a reserved key
-function fieldNameIsValid(fieldName: string): boolean {
+function fieldNameIsValid(fieldName: string, className: string): boolean {
+  if (className && className !== '_Hooks') {
+    if (fieldName === 'className') {
+      return false;
+    }
+  }
   return classAndFieldRegex.test(fieldName) && !invalidColumns.includes(fieldName);
 }
 
 // Checks that it's not trying to clobber one of the default fields of the class.
 function fieldNameIsValidForClass(fieldName: string, className: string): boolean {
-  if (!fieldNameIsValid(fieldName)) {
+  if (!fieldNameIsValid(fieldName, className)) {
     return false;
   }
   if (defaultColumns._Default[fieldName]) {
@@ -979,7 +984,7 @@ export default class SchemaController {
   ) {
     for (const fieldName in fields) {
       if (existingFieldNames.indexOf(fieldName) < 0) {
-        if (!fieldNameIsValid(fieldName)) {
+        if (!fieldNameIsValid(fieldName, className)) {
           return {
             code: Parse.Error.INVALID_KEY_NAME,
             error: 'invalid field name: ' + fieldName,
@@ -1063,7 +1068,7 @@ export default class SchemaController {
       fieldName = fieldName.split('.')[0];
       type = 'Object';
     }
-    if (!fieldNameIsValid(fieldName)) {
+    if (!fieldNameIsValid(fieldName, className)) {
       throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid field name: ${fieldName}.`);
     }
 
@@ -1157,7 +1162,7 @@ export default class SchemaController {
     }
 
     fieldNames.forEach(fieldName => {
-      if (!fieldNameIsValid(fieldName)) {
+      if (!fieldNameIsValid(fieldName, className)) {
         throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `invalid field name: ${fieldName}`);
       }
       //Don't allow deleting the default fields.

Original file line number	Diff line number	Diff line change
`@@ -242,6 +242,7 @@ function wrapToHTTPRequest(hook, key) {`
`242`	`242`	`if (typeof result === 'object') {`
`243`	`243`	`delete result.createdAt;`
`244`	`244`	`delete result.updatedAt;`
	`245`	`+ delete result.className;`
`245`	`246`	`}`
`246`	`247`	`return { object: result };`
`247`	`248`	`} else {`